Syntax for Access Rights
This subsection describes the access rights syntax used with the various NIS+ commands that deal with authorization and access rights.
Class, Operator, and Rights Syntax
Access rights, whether specified in an environment variable or a command, are identified with three types of arguments: class, operator, and right.
-
Class. Class refers to the type of NIS+ principal (authorization class) to which the rights will apply.
|
Class |
Description |
|---|---|
|
n |
Nobody: all unauthenticated requests |
|
o |
The owner of the object or table entry |
|
g |
The group owner of the object or table entry |
|
w |
World: all authenticated principals |
|
a |
All: shorthand for owner, group, and world (this is the default) |
-
Operator. The operator indicates the kind of operation that will be performed with the rights.
|
Operator |
Description |
|---|---|
|
+ |
Adds the access rights specified by right |
|
- |
Revokes the access rights specified by right |
|
= |
Explicitly changes the access rights specified by right; in other words, revokes all existing rights and replaces them with the new access rights. |
-
Rights. The rights are the access rights themselves. The accepted values for each are listed below.
|
Right |
Description |
|---|---|
|
r |
Reads the object definition or table entry |
|
m |
Modifies the object definition or table entry |
|
c |
Creates a table entry or column |
|
d |
Destroys a table entry or column |
You can combine operations on a single command line by separating each operation from the next with a comma (,).
Table 10-10 Class, Operator, and Rights Syntax--Examples|
Operations |
Syntax |
|---|---|
|
Add read access rights to the owner class |
o+r |
|
Change owner. group, and world classes' access rights to modify only from whatever they were before |
a=m |
|
Add read and modify rights to the world and nobody classes |
wn+m |
|
Remove all four rights from the group, world, and nobody classes |
gwn-rmcd |
|
Add create and destroy rights to the owner class and add read and modify rights to the world and nobody classes |
o+cd,wn+rm |
Syntax for Owner and Group
-
Owner. To specify an owner, use an NIS+ principal name.
-
Group. To specify an NIS+ group, use an NIS+ group name with the domain name appended.
Remember that principal names are fully qualified (principalname.domainname).
For owner
principalname |
For group
groupname.domainname |
Syntax for Objects and Table Entries
Objects and table entries use different syntaxes.
-
Objects use simple object names.
-
Table entries use indexed names.
For objects
objectname |
For table entries
columnname=value],tablename |
Note -
In this case, the brackets are part of the syntax.
Indexed names can specify more than one column-value pair. If so, the operation applies only to the entries that match all the column-value pairs. The more column-value pairs you provide, the more stringent the search.
For example:
Table 10-11 Object and Table Entry--Examples|
Type |
Example |
|---|---|
|
Object |
hosts.org_dir.sales.doc.com. |
|
Table entry |
`[uid=33555],passwd.org_dir.Eng.doc.com.' |
|
Two-value table entry |
`[name=sales,gid=2],group.org_dir.doc.com.' |
Columns use a special version of indexed names. Because you can only work on columns with the nistbladm command, see "The nistbladm Command" for more information.
- © 2010, Oracle Corporation and/or its affiliates